diff options
Diffstat (limited to 'lib/gitlab/rack_attack/request.rb')
-rw-r--r-- | lib/gitlab/rack_attack/request.rb | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/lib/gitlab/rack_attack/request.rb b/lib/gitlab/rack_attack/request.rb index 7fee6a1b43d..099174842d0 100644 --- a/lib/gitlab/rack_attack/request.rb +++ b/lib/gitlab/rack_attack/request.rb @@ -3,6 +3,8 @@ module Gitlab module RackAttack module Request + FILES_PATH_REGEX = %r{^/api/v\d+/projects/[^/]+/repository/files/.+}.freeze + def unauthenticated? !(authenticated_user_id([:api, :rss, :ics]) || authenticated_runner_id) end @@ -58,9 +60,25 @@ module Gitlab path =~ protected_paths_regex end - def throttle_unauthenticated? + def throttle?(throttle, authenticated:) + fragment = Gitlab::Throttle.throttle_fragment!(throttle, authenticated: authenticated) + + __send__("#{fragment}?") # rubocop:disable GitlabSecurity/PublicSend + end + + def throttle_unauthenticated_api? + api_request? && !should_be_skipped? && !throttle_unauthenticated_packages_api? && + !throttle_unauthenticated_files_api? && + Gitlab::Throttle.settings.throttle_unauthenticated_api_enabled && + unauthenticated? + end + + def throttle_unauthenticated_web? + web_request? && + !should_be_skipped? && + # TODO: Column will be renamed in https://gitlab.com/gitlab-org/gitlab/-/issues/340031 Gitlab::Throttle.settings.throttle_unauthenticated_enabled && unauthenticated? end @@ -68,11 +86,13 @@ module Gitlab def throttle_authenticated_api? api_request? && !throttle_authenticated_packages_api? && + !throttle_authenticated_files_api? && Gitlab::Throttle.settings.throttle_authenticated_api_enabled end def throttle_authenticated_web? web_request? && + !throttle_authenticated_git_lfs? && Gitlab::Throttle.settings.throttle_authenticated_web_enabled end @@ -109,6 +129,24 @@ module Gitlab Gitlab::Throttle.settings.throttle_authenticated_packages_api_enabled end + def throttle_authenticated_git_lfs? + git_lfs_path? && + Gitlab::Throttle.settings.throttle_authenticated_git_lfs_enabled + end + + def throttle_unauthenticated_files_api? + files_api_path? && + Feature.enabled?(:files_api_throttling, default_enabled: :yaml) && + Gitlab::Throttle.settings.throttle_unauthenticated_files_api_enabled && + unauthenticated? + end + + def throttle_authenticated_files_api? + files_api_path? && + Feature.enabled?(:files_api_throttling, default_enabled: :yaml) && + Gitlab::Throttle.settings.throttle_authenticated_files_api_enabled + end + private def authenticated_user_id(request_formats) @@ -130,6 +168,14 @@ module Gitlab def packages_api_path? path =~ ::Gitlab::Regex::Packages::API_PATH_REGEX end + + def git_lfs_path? + path =~ Gitlab::PathRegex.repository_git_lfs_route_regex + end + + def files_api_path? + path =~ FILES_PATH_REGEX + end end end end |